On 18/02/2023 13:33, tomas wrote:
On Sat, Feb 18, 2023 at 12:50:12PM +0700, Max Nikulin wrote:
When some application is packaged for Linux distributions it is easier to
rebuild it with a custom patch. I suspect that a developer distributing a
snap package may use specific and not well documented build environment.
I think this one is a very important point which hasn't been addressed
yet in this thread: Debian packages provide not only their source, but
the whole build setup to rebuild that package (and most of them in a
reproducible [1] way, i.e. they yield bit-for-bit identical binaries
whenever the sources and the build dependencies stay constant).
In my opinion reproducible build is a next order problem. I have seen
phrases like "it is too complicated to build". I am in doubts if such
application can still be called free software despite its license. It is
open source, but it is prohibitively difficult to build.
I do not consider maintaining build rules as a pleasant activity during
software development. Keeping scripts portable may require enough
efforts. Certainly it is great when users do not have to compile
applications themselves. Unfortunately convenient channels to deliver
ready to use software caused emergence on an opposite issue. Nobody
besides its developer can build it. It is expected that for the
developer build scripts have lowest priority since there is no
backpressure from maintainers of Linux distributions. Alleviation of an
issue creates new challenges.
More snap issues:
I am unsure if it is possible to get debug symbols for snap packages.
Attaching debugger to a sandboxed process may be not so easy as well.
I have not investigated if I can tune level of isolation of snap
packages for specific purposes. E.g. firefox snap does not allow opening
PDF files from /usr/share/doc because system directories are isolated.
On the other hand whole home directory is exposed for convenience. Can I
start a browser instance with specific network namespace with firewall
rules blocking access to local resources while another browser profile
have access to the local network? Snap provides some knobs, however I an
unsure that I will not face hard coded limitations.
Not to mention complains that due to compressed image start time may
became an issue.
